JUNOS software for the SRX 3400 and SRX 3600 services gateways integrates the world-class network security and routing capabilities of Juniper Networks. JUNOS software for these services gateways includes a wide range of security services, including policies, screens, NAT, class-of-service classifiers, and the rich, extensive set of flow-based services that are also supported on the other devices in the SRX-series services gateways.
The distributed parallel processing architecture of the SRX 3400 and SRX 3600 services gateways includes multiple processors to manage sessions and run security and other services processing. This architecture provides greater flexibility and allows for high throughput and fast performance.
Here is an overview of the main components involved in setting up a session for a packet and processing the packets as they transit the SRX 3400 and SRX 3600 services gateways:
Services Processing Units (SPUs) — The main processors of the SRX 3400 and SRX 3600 services gateways reside on Services Processing Cards (SPCs). They establish and manage traffic flows and perform most of the packet processing on a packet as it transits the device. Each SPU maintains a hash table for fast session lookup. The SPU performs all flow-based processing for a packet, including application of security services, classifiers, and traffic shapers. All packets that belong to the same flow are processed by the same SPU. The SPU maintains a session table with entries for all sessions that it established and whose packets it processes. When an SPU receives a packet from an NPU, it checks its session table to ensure that the packet belongs to it.
For SRX 3400 and SRX 3600 services gateways, one SPU takes on two roles at once: it performs its regular session management and flow processing functions, and it also acts as the central point, arbitrating sessions and allocating resources. An SPU that operates in this manner is said to be in combo mode.
Central Point (CP) — The central point allocates session management to SPUs based on load balancing criteria. It distributes sessions in an intelligent way to avoid occurrences in which multiple SPUs might wrongly handle the same flow. If the session exists, the central point forwards packets for that flow to the SPU hosting it. It also redirects packets to the correct SPU in the event that the NPU fails to do so. For the SRX 3400 and SRX 3600, one SPU always runs in what is referred to as combo mode, in which it implements both the functionality of the central point and the flow and session management functionality. In combo mode, the SPU and the central point share the same load-balancing thread (LBT) and packet-ordering thread (POT) infrastructure. For more information, see Central Point and Combo Mode Support.
The central point maintains a global session table with information about the owner SPU of a particular session. It functions as a central repository and resource manager for the whole system.
Routing Engine (RE) — The routing engine runs the control plane and manages the Control Plane Processor (CPP).
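The session-ownership behavior described above for the SPUs and the central point can be modeled in a few lines. This is an added illustration, not Juniper code: the class and function names, the 5-tuple flow key, and the "fewest sessions" allocation rule are assumptions (the text only says "load balancing criteria"), and combo mode is not modeled.

```python
# Simplified model of SPU / central point session ownership (illustrative only).
from dataclasses import dataclass, field

@dataclass
class SPU:
    name: str
    sessions: set = field(default_factory=set)     # local session table
    processed: list = field(default_factory=list)  # packets this SPU handled

    def owns(self, flow):
        # An SPU checks its own session table before processing a packet.
        return flow in self.sessions

class CentralPoint:
    def __init__(self, spus):
        self.spus = spus
        self.owner = {}  # global session table: flow -> owner SPU

    def lookup_or_allocate(self, flow):
        spu = self.owner.get(flow)
        if spu is None:
            # Assumed criterion: pick the SPU with the fewest sessions.
            spu = min(self.spus, key=lambda s: len(s.sessions))
            spu.sessions.add(flow)
            self.owner[flow] = spu
        return spu

def deliver(cp, flow, hinted_spu=None):
    """Deliver one packet; hinted_spu is the SPU the NPU forwarded to (None = via CP)."""
    target, redirected = hinted_spu, False
    if target is None or not target.owns(flow):
        owner = cp.lookup_or_allocate(flow)
        redirected = target is not None and target is not owner
        target = owner
    target.processed.append(flow)  # flow-based processing happens only on the owner
    return target.name, redirected

def demo():
    spus = [SPU("spu0"), SPU("spu1"), SPU("spu2")]
    cp = CentralPoint(spus)
    a = ("10.0.0.5", 40000, "192.0.2.10", 443, "tcp")  # constructed flow keys
    b = ("10.0.0.6", 40001, "192.0.2.10", 443, "tcp")
    return (deliver(cp, a),            # new session, allocated by the central point
            deliver(cp, b),            # second session lands on a different SPU
            deliver(cp, a, spus[0]),   # NPU forwards straight to the owner
            deliver(cp, a, spus[2]))   # NPU picks the wrong SPU: redirected to the owner

if __name__ == "__main__":
    print(demo())
```

The invariant to observe is that a misdirected packet is never processed by the SPU that received it; stateful services stay correct only because every packet of a flow reaches the single SPU holding that session's state.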